Reputation: 453
I'm new to the PayPal API. I read an article today that says it's very simple for a bad guy to change the value of inputs in the PayPal form (like the amount).
So instead of putting my code in the HTML markup, I decided to bring it in via AJAX as follows:
<div id="result"></div>
// Fetch the form fragment from the server and inject it into #result
$.post('action.php', {}, function (data) {
    $('#result').html(data);
}, 'html');
In my page action.php, I put this simple code:
<?php
echo '<input type="hidden" name="amount" value="99">';
?>
My question is: in this case, could bad folks change the value of this input?
Thanks
Upvotes: 0
Views: 142
Reputation: 499042
Yes, of course they could.
Using the web developer tools that come with the browser, or with Firebug, they can change values of hidden fields or of JavaScript values before the AJAX call.
You are adding a very thin layer of obfuscation that anyone with web development experience can easily get through.
Upvotes: 2
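Since the hidden field cannot be trusted however it reaches the browser, the amount has to be checked on the server once payment is reported. The sketch below is an added example, not code from either post: it compares a payment notification against a server-side price list. It assumes the notification has already been authenticated as coming from PayPal and uses PayPal IPN variable names (`item_number`, `payment_status`, `mc_gross`, `mc_currency`); the catalogue, the function name and the sample data are hypothetical.

```php
<?php
// Added example. $catalogue, check_payment() and the samples are constructed.

// Server-side source of truth for prices, in cents to avoid float comparison.
$catalogue = [
    'SKU-001' => ['amount_cents' => 9900, 'currency' => 'USD'],
];

// Returns [bool $ok, string $reason] for one already-authenticated notification.
function check_payment(array $n, array $catalogue): array
{
    $item = $n['item_number'] ?? null;
    if (!is_string($item) || !array_key_exists($item, $catalogue)) {
        return [false, 'unknown item'];
    }
    $expected = $catalogue[$item];

    if (($n['payment_status'] ?? '') !== 'Completed') {
        return [false, 'payment not completed'];
    }
    // Strict format check before converting: digits, a dot, two decimals.
    $gross = $n['mc_gross'] ?? null;
    if (!is_string($gross) || !preg_match('/^\d{1,9}\.\d{2}$/', $gross)) {
        return [false, 'malformed amount'];
    }
    $paidCents = (int) str_replace('.', '', $gross);

    if (($n['mc_currency'] ?? '') !== $expected['currency']) {
        return [false, 'currency mismatch'];
    }
    if ($paidCents !== $expected['amount_cents']) {
        return [false, 'amount mismatch'];
    }
    return [true, 'ok'];
}

// Constructed notifications: one matching the price list, one with an edited amount.
$samples = [
    'honest'   => ['item_number' => 'SKU-001', 'payment_status' => 'Completed',
                   'mc_gross' => '99.00', 'mc_currency' => 'USD'],
    'tampered' => ['item_number' => 'SKU-001', 'payment_status' => 'Completed',
                   'mc_gross' => '0.01', 'mc_currency' => 'USD'],
];
foreach ($samples as $label => $n) {
    [$ok, $reason] = check_payment($n, $catalogue);
    printf("%-9s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $reason);
}
```

Fulfil the order only on an accepted notification; the price shown in the form is then display only.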